Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.1
CVSSv3

CVE-2016-0781

Published: 25/05/2017 Updated: 06/08/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Pivotal Software

Vulnerability Summary

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions before 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pivotal software cloud foundry elastic runtime 1.6.3

pivotal software cloud foundry elastic runtime 1.6.4

pivotal software cloud foundry elastic runtime 1.6.5

pivotal software cloud foundry elastic runtime 1.6.6

pivotal software cloud foundry elastic runtime 1.6.19

pivotal software cloud foundry uaa 3.0.0

pivotal software cloud foundry uaa 3.0.1

pivotal software cloud foundry uaa 3.1.0

pivotal software cloud foundry 219

pivotal software cloud foundry 220

pivotal software cloud foundry 221

pivotal software cloud foundry 222

pivotal software login-server -

cloudfoundry cloud foundry uaa bosh 6

pivotal software cloud foundry elastic runtime 1.6.0

pivotal software cloud foundry elastic runtime 1.6.2

pivotal software cloud foundry elastic runtime 1.6.7

pivotal software cloud foundry elastic runtime 1.6.9

pivotal software cloud foundry elastic runtime 1.6.16

pivotal software cloud foundry elastic runtime 1.6.18

pivotal software cloud foundry uaa 3.2.0

pivotal software cloud foundry 208

pivotal software cloud foundry 210

pivotal software cloud foundry 215

pivotal software cloud foundry 217

pivotal software cloud foundry 224

pivotal software cloud foundry 226

cloudfoundry cloud foundry uaa bosh 2

cloudfoundry cloud foundry uaa bosh 3

cloudfoundry cloud foundry uaa bosh 4

cloudfoundry cloud foundry uaa bosh 5

pivotal software cloud foundry elastic runtime 1.6.11

pivotal software cloud foundry elastic runtime 1.6.12

pivotal software cloud foundry elastic runtime 1.6.13

pivotal software cloud foundry elastic runtime 1.6.14

pivotal software cloud foundry 211

pivotal software cloud foundry 212

pivotal software cloud foundry 213

pivotal software cloud foundry 214

pivotal software cloud foundry 227

pivotal software cloud foundry 228

pivotal software cloud foundry 229

pivotal software cloud foundry 230

pivotal software cloud foundry 231

cloudfoundry cloud foundry uaa bosh 7

pivotal software cloud foundry elastic runtime 1.6.1

pivotal software cloud foundry elastic runtime 1.6.8

pivotal software cloud foundry elastic runtime 1.6.10

pivotal software cloud foundry elastic runtime 1.6.15

pivotal software cloud foundry elastic runtime 1.6.17

pivotal software cloud foundry uaa

pivotal software cloud foundry 209

pivotal software cloud foundry 216

pivotal software cloud foundry 218

pivotal software cloud foundry 223

pivotal software cloud foundry 225

pivotal software cloud foundry 241

References

CWE-79https://pivotal.io/security/cve-2016-0781https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook